Dedicated to providing the latest
HIPAA compliance news

ONC Issues Guidance for Negotiating EHR Contracts

Share this article on:

The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) has issued guidance for HIPAA covered entities to assist them when negotiating EHR contracts. The guidance offers advice on how to select and negotiate terms with EHR vendors, and helps covered entities understanding the fine print of contracts.

The benefits of EHR systems are clear; however, in practice those systems do not always live up to expectations. If mistakes are made in the selection of EHR systems, or errors made negotiating contracts, the systems can result in unexpected costs being incurred, business efficiency can be disrupted, and covered entities may even be prevented from accessing patient records.

Many healthcare organizations fail to appreciate that while an EHR system includes the data repository and software for creating, maintaining, and accessing data, the EHR will need to be interoperable with other healthcare IT systems. Compatibility issues with those systems can prove extremely costly.

Many of the implementation, maintenance, and access problems that covered entities experience stem from mistakes that are made in the contracting process. The purpose of the guidance is to make healthcare organizations aware of some of the common problems that can arise and the errors that are all too often made during contract negotiations.

While the guidance is specifically written to assist covered entities when selecting an EHR systems and negotiating contract terms, many of the elements included in the guidance can be applied to other health IT products and services.

The guidance has been written for healthcare decision makers (and their advisers) and covers specific issues relating to the Health Insurance Portability and Accountability Act. The guidance aims to enhance understanding of core EHR issues and provides practical advice to help decision makers communicate their needs and requirements to EHR vendors.

The guidance covers safety and security, system performance, data rights, interoperability and integration, intellectual property, liability, dispute resolution, data access, and transition issues.

The document is not a comprehensive covering all issues related to the selection and acquisition of an EHR system, but it does go into sufficient detail to help covered entities avoid the common pitfalls, of which there are many. The guidance touches on HIPAA, but does not explain all HIPAA requirements in full, such as the need to enter into a Business Associate Agreement with the EHR provider prior to disclosing any PHI. Detailed information on HIPAA requirements for EHRs can be found in other HHS resources.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On